Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Expand
titleWhat is supported from card perspective and what are the standard capabilities...

2.5.1 MIFARE DESFire RFID

DESCRIPTION

COMMENT

Supported OSS events (enable/disable per event type)

See chapter: 32.36-OSS-Events

Office mode support

Access card authorisation

Based on card group(s) and reader(s) with time zone

Supported OSS black list cards

Firefighter (intervention) option per card

  • A tag with intervention mode can successfully open a device with a battery warning level 3 (battery dead)

  • Blok list check: yes

  • Expire date check: No

  • Access right check: Yes

  • Event write back on card: No

Info

Every customer has its own MIFARE DESFire KeyFile set

2.5.1.1 Standard OSS Application

OSS TYPE

 NUMBER

DESCRIPTION

DATA

69

No. of door or door-group (69-255)

8

Number of DayTimeSchedules (8-15)

4

Number of DayID per DayTimeSchedule (4-4)

2

Number if TimePeriods per DayID (2-4)

EVENT

18

Number if Events (18-18)

BLOCKLIST

5

 Number if Blocklisted cards (5-5)

Total

1792kB

Written on the card incl. backup file, conform OSS standard

Info

The card layout explained above can be modified but must be requested.

Please contact your account manager for this.

2.5.2 Mobile device

DESCRIPTION

COMMENT

Per card an overview of assigned reader(s) with a Mobile key

Per reader an overview of assigned persons with a Mobile key

Office mode support

Offline access rights synchronized automatically with mobile device

Semi online: All events (types) will be sent from Mobile device to iProtect.

See chapter: 32.36-OSS-Events

Support IPROTECT Access app.

IOS and ANDROID support

...

Expand
titleHow to setup the online hardware...

This chapter describes both DOM OSS data on card and mobile access. A physical controller line is created for using DOM OSS data on card that can also be used for normal access or mobile access The hardware which is used are:

  • Pluto network device.

  • Orion door controller.

  • Sirius iX card reader which supports BLE.

The on-line hardware is needed to profide the RFID card of a OSS application or to update these cards.

4.4.1 Add Network device for update- and enrollment function

Create a Pluto Network device. The readers connected to this line are used to write (add) an OSS application to the card and to update the cards when a card is presented on the reader before access is granted.

In iProtect, browse to menu: Installation | Hardware | Line.

  • Right click in the tree view and click on the icon “Add Line”:

Field

Content

Name

Logical name for the Line

Features

Type

Network device.

Host type

Pluto

Communication

Active

Activated

Active (with Nodes)

Activated

Status

Function of the line

Physical line

Address

IP Address

IP address of the relevant pluto

  • Save this record.

4.4.2 Add Orion door controller (Node)

In iProtect, browse to menu: Installation | Hardware | Line.

  • Select the Pluto line to which the Orion door controller is to be connected. Press right mouse-button: “Add Node”:

Field

Content

Name

Logical name of the Node

Status

Node online

Active

When activating the Node, the Orion will be detected automatically.

Info

When the line is active and the Orion is already connected to the Pluto, Press the button “Discover”. The Orion (with connected card readers) are created automatically.

  • Save this record.

4.4.3 Add online (Sirius) reader

4.4.3.1 Update reader

An update reader is required (per location) to read/write:

  • the events (e.g. access granted, no access).

  • the battery statuses of offline locks.

  • update access rights .

  • update the block list.

Info

When using multiple locations, each location should get there own site code. Select the corresponding Card data interpretation with the correct site code.

Browse to the menu: Installation | Hardware | Node.

  • Select the Orion door controller Node and open this in the treeview (+).

  • Select in the treeview Orion #1-4, prt 1 or prt2. Press right mouse-click, “Add Reader”

  • Fill in a logical name for the reader.

  • Select the OSS update card data interpretation at the tab “general”.

  • Select the correct provisioner group with the OSS update files.

  • See for more settings and setting details chapter “Reader dialog details”.

  • Save this record.

4.4.3.2 Enrollment reader

An enrollment reader is necessary to provide existing cards with an OSS application.

Browse to the menu: Installation | Hardware | Node.

  • Select the Orion door controller Node and open this in the treeview (+).

  • Select in the treeview Orion #1-4, prt 1 or prt2. Press right mouse-click, “add Reader”

  • Select the correct OSS update card data interpretation at the tab “general”.

  • Select the correct provisioner group with the OSS Enrollment files.

  • See for more settings and setting details chapter “Reader dialog details”.

  • Save this record.

Info

The reader is also created automatically by pressing the discover button on the pluto line

Note

For both the update reader and the enrollment reader, the update card data interpretation must be selected, the provisioner files determine whether a reader is an update or enrollment reader.

...

Expand
titleHow to setup the DOM controller...

4.5.1 Add Virtual line (DOM)

Create a Virtual line. This line is needed to connect DOM controllers.

In iProtect, browse to menu: Installation | Hardware | Line.

  • Right click in the tree view and click on the icon “Add Line”:

Field

Content

Name

Logical name for the Line

Features

Type

Server

Host type

Server

Status

Virtual

  • Save this record.

4.5.2 Add DOM controller (Node)

In iProtect, browse to menu: Installation | Hardware | Line.

  • Select the virtual line to which the DOM Controller is to be connected. Press right mouse-button: “Add Node”: image-20240806-084437.png

Field

Content

Description

Name

Logical name of the Node

Features

Node type

OSS

Network

HTTP port

443

Port number of the connection to the DOM controller

IP address

e.g. 192.168.1.120

Unique IP address of the DOM controller

Password

Password of the DOM Controller (only visible for system users with Installer rights)

Set keys (SC)

Once the connection is established, you can modify the password to a unique one by clicking on the "Set Keys (SC)" button.

General image-20240806-084544.png

Provisioner group

Customer specific

Customer specific, supplied by TKH-Security B.V.

Other image-20240806-084622.png

Offline

OSS manufacturer

DOM API-implementation, see chapter 4.1.1

Bluetooth

Default TX power (iBeacon)

Transmit power 0 dBm

Logging

Log minutes

Installation option

  • Link to existing reader

  • Link to new reader

Chapter 4.6.1.2 and 4.6.1.3

Temparary login image-20240806-085557.png (root or installer only)

Button

Fetch

Retrieve the temporary users from the DOM controller.

Info

After updating iProtect or a restart of the system, the temporally users will be deleted.

Button

Add

You can utilize this button to create a temporary user, such as a user for the mobile app or a system user requiring temporary access to the DOMPloy application.

Info

After updating iProtect or a restart of the system, the temporally users will be deleted.

Select user

Delete button

Delete selected user

Edit button

Edit selected user

Global settings (root or installer only)

Button

Fetch

  • Mobile

  • Card

Get detailed system information

Field

Description

Discover

When a new device is added to the system (e.g. NetManager, lock or door handle), it can be discovered in iProtect by pressing this button. image-20240806-141349.png

Backup

Pressing the button will back up the configuration of the DOM controller. The backup is saved with the date/time of the moment of creation.

  • Activate the check mark behind "Node online.

  • Save this record.

Info

When the connection is successful, the status check mark behind "connected" will turn black.

Note

Temporary users will be automatically deleted when the OSS service restarts.

4.5.2.1 Node tree-view items image-20240806-091211.png

After creating a DOM controller (Node), multiple items are displayed under the Node in the treeview.

Tree-view item

Description

Node backup

Whenever something is changed in the configuration of the DOM controller, iProtect backs it up. The backup is kept for a maximum of 3 months.

Device manager: No

All offline devices associated with a door/reader.

Device manager: Yes

Devices which are associated to a RF-NetManager (on-line)

Device manager

Connected RF-NetManager, interfaced with the DOM Controller

Devices unbound

All offline devices, not linked to a door/reader.

...

Expand
titleHow to add offline devices to the system...

4.6.1 Add device

Although there are several methods to create the hardware, two methods will be described in this chapter.

  • The readers with access rights are prepared in iProtect and linked to the device in the Service app.

  • The reader and device are created in the DOM service app.

4.6.1.2 Link to existing reader image-20240806-092940.png

Start by adding manually readers within iProtect.

Browse to the menu: Installation | Hardware | Node.

  • Add a reader by clicking with the right-mouse button on the DOM node.

  • Click on the icon “add reader”.

  • Fill in the logical name of the reader and select the correct card data interpretation.

  • If desired, you can adjust the door open time in the "door behavior" tab.

  • Once everything has been filled in, you can press the save button.

  • You can grant access rights to the reader by adding the reader to the desired reader groups, you can do this in the reader group list under the created reader.

Browse back to the menu: Installation | Hardware | Node.

  • Select the DOM Controller Node.

  • Open the tab: Other and enable by Installation option the checkbox “Add automatically”.

  • Select “Link to existing reader' at the New device (app) option. image-20240806-092940.png

Info

When the auto-discovery process is started, assigning of new device and readers will be activated for 4 hours. After this time this process will stop automatically.

  • All newly added devices with the dom service app are automatically added to iProtect and linked to the correct reader.

    • After about a minute the device should been enrolled and linked to the reader, and you can also see this on the detail page of the readers.

  • The offline sync status will be visible and if everything is correct the status should be changed in a minute to the status “The configuration is synchronized”.

Info

If the status is different, you should check this within the DOM service app by first synchronizing the DOM service app with the DOM controller and then synchronizing the locks.

4.6.1.2.1 DOM Service app

Use the DOM service app to add the devices. During this process you can directly link the newly created readers to the correct devices in the DOM service app.

  • Synchronize the DOM service app with the DOM controller.

  • Add a device by clicking the Devices button and then clicking the + sign in the DOM service app.

  • Apply the mobile phone (Android) to the device or present de RF Wake-up card to the device (IOS).

  • Click on the OSS-SO-configuration button to link the device to the door (iProtect reader).

  • Press on the couple button.

  • Follow the instructions in the DOM service app.

Info

By using this way of configuration, only one synchronization with the device is needed

Info

If you change access rights or other reader settings after this step, synchronization must take place again for the device in question.

Once the new devices have been assigned from the DOM Service app and the app has been synchronized with the DOM controller, the devices will be enrolled and automatically linked to the correct reader in iProtect. After it has been linked automatically, when using mobile access, enable the checkbox “IPROTECT Access”.

4.6.1.3 Link to a new reader

This setup can be done automatically by the system by enabling the auto discovery function.
When a new device is assigned from the DOM Service app, and the app is synchronized with the DOM controller, iProtect will automatically recognize it and assign the preset settings to the device.

Info

By using this way of configuration, multiple synchronizations with the device are needed!

Note

The mobile phone used to program the locks must have a stable and direct online connection with the DOM controller. If this is not possible, we recommend using the manual method.

Browse to the menu: Installation | Hardware | Node.

  • Select the DOM Controller Node.

  • Open the tab: Other and enable by Installation option the checkbox “Add automatically”.

  • Select “Link to new reader' at the New device (app) option.

  • Select the correct Card data interpretation.

  • When using mobile access, enable the checkbox “IPROTECT Access”.

  • Select a Reader group which can be used during testing the system.

  • Start the auto discovery process by pressing on the start button.

Info

When the auto-discovery process is started, assigning of new device and readers will be activated for 4 hours. After this time this process will stop automatically.

4.6.1.3.1 DOM Service app

Use the DOM service app to add a new device.

  • Synchornize the DOM service app with the DOM controller.

  • Add a device by clicking the Devices button and then clicking the + sign in the DOM service app.

  • Apply the mobile phone (Android) to the device or present de RF Wake-up card to the device (IOS).

  • Change the name of the device (this will be the reader name in iProtect).

  • Press on the couple button.

  • Follow the instructions in the DOM service app (sometimes multiple synchronizations are necessary).

When the reader is synchronized, the following is displayed:

image-20240219-145840.png

...

The RF-NetManager needs to be configured using the DOMPloy software, please consult the DOMConnect manual and go to next chapter "Configure and deploy a RFNM".

...

Expand
titleHow to update or remove offline devices...

5.1.1 Access rights management

If you want to add or remove access rights to an offline lock, you can do this using the steps below.

Browse to the menu: Installation | Hardware | Reader.

  1. Find the desired reader and unfold the reader with the + sign.

  2. Click on the reader group list, here you can add or remove the desired reader groups.

  3. after After +- one minute the offline synchronization status of the lock will change to "the configuration is not in sync"

  4. Get the configuration with the dom service app by syncing the app with the DOM controller.

  5. Sync the offline device with the DOM service app.

  6. Sync the DOM controller with the DOM service app.

  7. after After +- one minute the offline synchronization status of the lock will change to "the configuration is synchronized".

Info

For more information about Access Rights see this *Access rights in iProtect™ - Knowledge Base - Confluence (atlassian.net) article on our knowledge base.

5.1.2 Remove a device

Browse to the menu: Installation | Hardware | Node

  • Double click on the DOM controller node.

  • Right-click on the reader to be deleted.

  • Press on the button Delete.

  • Open the Device unbound section below the DOM controller node.

  • Select the device and change the state from “coupled” to “not coupled”.

  • Sync the DOM service app with the DOM controller.

  • Sync the offline device with the DOM service app.

  • Sync the DOM controller with the DOM service app.

  • Remove the device from iProtect by using the delete button.

Info

When a device has been successfully removed and properly uncoupled, the device is in freewheel mode.

Warning

Be aware! When removing a device without proper disconnection, the device may enter a state that it can only be disconnected using the master card. In the worst case, the lock must be returned to the supplier.

...

Expand
titleHow to update or remove online devices...

5.2.1 Access rights management

If you want to add or remove access rights to an offline lock, you can do this using the steps below.

Browse to the menu: Installation | Hardware | Reader.

  1. Find the desired reader and unfold the reader with the + sign.

  2. Click on the reader group list, here you can add or remove the desired reader groups.

  3. The device and the RF-NetManager start communication and synchronize the changes automaticalyautomatically.

5.2.2 Remove a device

Browse to the menu: Installation | Hardware | Node

  • Double click on the DOM controller node.

  • Right-click on the reader to be deleted.

  • Press on the button Delete.

  • Open the Device unbound section below the DOM controller node.

  • Select the device and change the state from “coupled” to “not coupled”.

  • The device and the RF-NetManager will start communication and the device will be uncoupled automaticalyautomatically.

6. Migrating from A1/B1 to DOM API-implementation

To take advantage of the new API-implementation and hereby the benefits (see Chapter 1.2), the setting OSS configuration in IPROTECT must be changed.

Expand
titleHow to convert A1/B1 config to API-implementation

If you want to convert A1/B1 configuration to API-implementation, the system must meet the minimum requirements, see Chapter 2.1.

  1. Browse to the menu: Installation | Hardware | Oss manufacturer.

  2. Select the used OSS element in the tree-view.

  3. Change the OSS Version from “A1” or “B1” to “DOM API-implementation“ .

  4. Browse to menu: Installation | Hardware | Node.

  5. Select the DOM OSS Node in the tree-view.

  6. Set the correct settings for the DOM controller see Chapter 4.5.2 .

Note

It is essential to configure the correct provisioner group at the DOM OSS node, as this will transmit the configuration and keys to the BridgeDOM controller.

If an incorrect provisioner is selected, the locks may be programmed with the wrong keys, rendering them incompatible with the existing cards.

  1. Discover the devices by using the wizard or manually see chapter 4.6.1.2.

  2. Set the correct unbound “device address/PHI” to the reader .

  3. image-20241026-124444.png

  4. Synchronize the locks by using the DOM service app see Chapter 3 .

Note

The configuration file and the keys for the bridge are sent via the provisioner in version =>10.04. This is different from older iProtect versions. To set this up correctly, it is necessary to request a key set from TKH.

Info

When migrating a system from A1/B1 to API, all locks must be re-synchronized.

...